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DETAILED ACTION 

1 . Applicant's arguments filed February 28, 2007, have been fully considered but 
they are not persuasive. 

2. Claims 1-24 are pending and have been examined. 

Response to Amendment 

3. The objections to claims 1 , 12, 16, and 20 are withdrawn. 

4. The rejection of claims 1 , 6, and 20 under 35 U.S.C. 112, second paragraph, is 
withdrawn. 

5. The rejection of claims 20-24 under 35 U.S.C. 1 01 is withdrawn. 

6. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., allowing analysis based on the confidential details of the data, page 10) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re 
Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Applicant's arguments 
are not persuasive. 

7. Applicant's arguments do not comply with 37 CFR 1 .1 1 1 (c) because they do not 
clearly point out the patentable novelty which he or she thinks the claims present in view 
of the state of the art disclosed by the references cited or the objections made. Further, 
they do not show how the amendments avoid such references or objections. 
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Claim Rejections - 35 USC § 102 

8. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

9. Claims 1, 3, 4, 6, 7, 11, 20, and 22-24 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Lei et al. (US Patent 6,487,552, hereinafter Lei). 

Regarding claims 1 and 20, Lei teaches 

a data management system (abstract), comprising: 

an access control system for limiting access to the data management 

system to authorized entities (summary); 

a data confidentiality system for identifying details in received data as 
one of secret, temporarily secret, possibly secret, and not secret, wherein 
secret, temporarily secret and possibly secret comprise confidential 
details and concealing confidential details in received data while allowing 
a composite analysis to be performed that is based on the confidential 
details (col. 1, lines 20-60); 

a data storage system for storing the received data (col. 5, lines 8-67, 
hardware overview); and 

a data update system for periodically automatically examining stored 
data to identify and expose any confidential details that have become 
non-confidential details (col. 9, lines 1-67, defining and setting context 
attributes). 
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Regarding claims 3 and 22, Lei teaches wherein stored data is analyzed with a 
data analysis system (functional overview). 

Regarding claims 4 and 23, Lei teaches wherein the data analysis system is 
permitted to analyze the stored data based upon approval by full rights members of the 
data management system (functional overview). 

Regarding claims 6 and 24, Lei teaches wherein the received data and the 
stored data are operational risk data (col. 1, lines 20-60, col. 9, lines 1-67, defining 
and setting context attributes). 

Regarding claim 7, Lei teaches wherein the system mitigates operational risk 
(col. 1, lines 20-60, col. 9, lines 1-67, defining and setting context attributes). 

Regarding claim 11, Lei teaches a customer relationship management tool for 
verifying a policy of an entity (col. 16, Policy Function section). 

Claim Rejections - 35 USC § 103 

10. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

11. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lei, 
and further in view of Admission. 

Regarding claim 5, Lei does not expressly disclose wherein data management 
system is a tamper resistant, tamper evident, tamper sensitive, tamper reactive, and 
programmable system. However, these features have been admitted per applicant to 
have been conventional and well known at the time the invention was made by the 
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failure to adequately challenge the examiner's use of official notice in a previous office 
action. 

12. Claims 2, 8-10, 12-19, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lei, and further in view of Singhal (US Patent 6,938,022). 
Regarding claim 12, Lei teaches a data management system (abstract), 

comprising: an access control system for limiting access to the data management 
system to authorized entities (summary); a data confidentiality system for identifying 
details in the received data as one of secret, temporarily secret, possibly secret and not 
secret, wherein secret, temporarily secret and possibly secret comprise confidential 
details and concealing confidential details in the received data while allowing a 
composite analysis to be performed that is based on the confidential details (col. 1, 
lines 20-60); a data storage system for storing received data after the confidential 
details have been concealed (col. 5, lines 8-67, hardware overview); a data update 
system for periodically examining stored data to identify and expose any confidential 
details that have become non-confidential details (col. 9, lines 1-67, defining and 
setting context attributes); a program approval system for approving systems for 
analyzing the stored data (col. 8, lines 32-67). Lei does not expressly teach, however 
Singhal does teach a data decryption system for receiving at randomly generated time 
intervals and decrypting received operational risk data (col. 7, lines 1-67); and a key 
security system for protecting encryption keys (col. 15, lines 17-67). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was 
made to apply the teachings of Singhal to the system of Lei. One of ordinary skill in the 
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art would have been motivated to do so to provide data confidentiality (Singhal, 
abstract background). 

Regarding claim 16, Lei teaches a method for managing data (abstract), 
comprising: identifying details in the received data as one of secret, temporarily secret, 
possibly secrete and not secret, wherein secret, temporarily secret and possibly secret 
comprise confidential details and concealing confidential details in the received data 
while allowing a composite analysis to be performed that is based on the confidential 
details (col. 9, lines 1-67, defining and setting context attributes); storing the 
received data (col. 5, lines 8-67, hardware overview); and updating the stored data by 
identifying and exposing any confidential details that have become non-confidential 
details in the stored data (col. 9, lines 1-67, defining and setting context attributes). 
Lei does not expressly teach, however Singhal does teach receiving operational risk 
data at randomly generated time intervals in a secured manner from an authorized 
provider (col. 7, lines 1-67). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to apply the teachings of 
Singhal to the system of Lei. One of ordinary skill in the art would have been motivated 
to do so to provide data confidentiality (Singhal, abstract, background). 

Regarding claims 2, 17, and 21, Lei teaches a program approval system for 
approving systems for analyzing the stored data (col. 8, lines 32-67). Lei does not 
expressly teach, however Singhal teaches a data decryption system for decrypting 
received data (col. 7, lines 1-67); a data verification system for verifying an accuracy of 
received data (col. 7, lines 1-67); and a key security system for protecting encryption 
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keys (col. 15, lines 17-67). The reason for combining is the same as that for claims 12 
and 16 above. 

Regarding claim 8, Lei does not expressly disclose, however Singhal teaches 
wherein data is received based upon a randomly generated time interval (col. 7, lines 
1-67). The reason for combining is the same as that for claims 12 and 16 above. 

Regarding claim 9, Lei does not expressly disclose, however Singhal teaches 
wherein the confidential details cannot be accessed by any entity (col. 7, lines 1-67). 
The reason for combining is the same as that for claims 12 and 16 above. 

Regarding claim 10, Lei does not expressly disclose, however Singhal teaches 
wherein the confidential details can only be accessed by a plurality of entities acting in 
concert (col. 7, lines 1-67). The reason for combining is the same as that for claims 12 
and 16 above. 

Regarding claims 13 and 18, the combination of Lei and Singhal teaches 
wherein stored data is analyzed with a data analysis system (Lei, functional 
overview). 

Regarding claims 14 and 19, the combination of Lei and Singhal teaches 
wherein the data analysis system is permitted to analyze the stored data based upon 
approval by full rights members of the data management system (Lei, functional 
overview). 

Regarding claim 15, the combination of Lei and Singhal teaches wherein a 
provider submits the operational risk data to the data management system, and wherein 
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a requester accesses the stored data (Lei, col. 1, lines 20-60, col. 9, lines 1-67, 
defining and setting context attributes). 

Conclusion 

13. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

14. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. US Patent Application Publication 2004/0049679 to Meggle 
disclose using a tamper resistant/tamper evident authentication device. US Patent 
Numbers 6,224,486 and 6,425,828 to Walker et al. disclose the use of tamper 
evident/resistant/reactive/sensitive systems/memory; US Patents 6,275,824 and 
6,253,203 to O'Flaherty et al. teach a privacy enhanced database with consumer 
privacy parameters. 

15. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571)272- 
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5861. The examiner can normally be reached on Monday-Tuesday and Thursday- 
Friday. 

16. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

17. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



DGC 



NASSER MOAZZAMI 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




